Some VMs in NSX have a System tag attached containing the Organization VDC (Virtual Datacentre) ID.
When a Dynamic Security Group is created using Security Tags, it does not contain all the expected VMs from the VDC.
Environment
VMware Cloud Director 10.x
Cause
This issue occurs when VMs are not connected to a network that is owned by a Data Centre Group. Such VMs do not have a System tag containing the Organization VDC ID in NSX, so they are not visible when you select the associated VMs in the Dynamic Security Group.
Resolution
This issue is resolved by using networks that are owned by a Data Centre Group.
To verify which networks are owned by a Data Centre Group and have a System VDC tag associated in NSX, follow the steps below:
1. Log in to the tenant portal
2. Select the Networking tab
3. Select the Data Centre Group
4. Select the Organization VDC that is listed
5. Select Networks under Security
The VMs that are connected to the networks that are visible will have a System tag that contains the Organization VDC ID in NSX and therefore will be listed in the Dynamic Security Group.
Note: The System tag cannot be removed unless all VMs have been disconnected from the network that is owned by the Data Centre Group.
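The same check can be scripted against an export of the NSX VM inventory, to list which expected VMs lack a tag containing the Organization VDC ID and would therefore fall outside the Dynamic Security Group and its rules. This is an added example, not VMware code: the sample inventory is constructed in the shape of the GET /api/v1/fabric/virtual-machines response, and the VM names, the VDC ID and the tag scope are placeholders.

```python
import json

# Constructed sample; names, IDs and the tag scope are placeholders, not real values.
ORG_VDC_ID = "11111111-2222-3333-4444-555555555555"
SAMPLE_INVENTORY = json.loads("""
{"results": [
  {"display_name": "web-01",
   "tags": [{"scope": "placeholder-system-scope",
             "tag": "11111111-2222-3333-4444-555555555555"}]},
  {"display_name": "web-02", "tags": [{"scope": "app", "tag": "web"}]},
  {"display_name": "db-01"}
]}
""")


def has_vdc_tag(vm, vdc_id):
    """True if any tag on the VM contains the Organization VDC ID."""
    needle = vdc_id.lower()
    for tag in vm.get("tags") or []:  # VMs with no tags may omit the key
        scope = (tag.get("scope") or "").lower()
        value = (tag.get("tag") or "").lower()
        if needle in scope or needle in value:
            return True
    return False


def audit_expected_vms(inventory, vdc_id, expected_names):
    """Split the expected VM names into tagged, untagged and not-in-inventory."""
    by_name = {}
    for vm in inventory.get("results", []):
        by_name.setdefault(vm.get("display_name"), []).append(vm)
    report = {"tagged": [], "untagged": [], "not_in_inventory": []}
    for name in sorted(set(expected_names)):
        vms = by_name.get(name)
        if not vms:
            report["not_in_inventory"].append(name)
        elif all(has_vdc_tag(vm, vdc_id) for vm in vms):
            report["tagged"].append(name)
        else:
            # At least one VM with this name lacks the tag; check its network.
            report["untagged"].append(name)
    return report


if __name__ == "__main__":
    expected = ["web-01", "web-02", "db-01", "db-02"]
    print(json.dumps(audit_expected_vms(SAMPLE_INVENTORY, ORG_VDC_ID, expected), indent=2))
```

VMs reported as untagged are the ones to check for a connection to a network owned by a Data Centre Group.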